In Windows Server 2016, management of DNS properties has been significantly enhanced in IPAM. In 2012 R2, IPAM discovered DNS zone information and monitored the availability of DNS zones. In the new version, administrators can manage DNS zones, conditional forwarders and resource records across multiple DNS servers using IPAM.
DNS Data Collection
IPAM runs a periodic task every 6 hours to collect DNS data from the domain-joined Microsoft DNS servers that it manages. It fetches the properties of DNS zones and DNS conditional forwarders from these servers, as well as the resource records belonging to the zones. Since the same zone is hosted on multiple DNS servers, IPAM chooses one of the authoritative servers as the ‘preferred DNS server’ for that zone and collects resource records from that server. Both the collection frequency and the ‘preferred DNS server’ for each zone are configurable.
DNS Zone Management
IPAM now allows administrators to perform CRUD operations on DNS zones hosted on the DNS servers being managed by IPAM. It supports both file-based and Active Directory-integrated DNS zones. Administrators can manage both forward and reverse lookup zones. Users can create primary, secondary and stub zones.
IPAM provides a hierarchical view of DNS zones. For each zone, users can view its resource records and the DNS servers it is hosted on.
Users can set DNS zone properties such as dynamic update settings, scavenging properties, zone transfer properties and notify settings.
More details about DNS zone management can be found here.
IPAM also allows other DNS zone operations like:
- Zone reload
- Pause/Resume DNS zones
- Zone transfer
DNS Resource Record Management
Another new feature in IPAM 2016 is DNS resource record management. IPAM now allows CRUD operations on the DNS resource records. It supports the following types of resource records:
- AFS database
- ATM Address
- CNAME
- DHCID
- DNAME
- Host A or AAAA
- Host Information
- ISDN
- MX
- Name Servers
- Pointer (PTR)
- Responsible person
- Route Through
- Service Location
- SOA
- SRV
- Text
- Well Known Services
- WINS
- WINS-R
- X.25
IPAM provides a consolidated view of resource records of all types for a particular DNS zone. Users can filter these resource records based on name, type, IP address etc.
More details about DNS resource record management can be found here.
DNS Conditional Forwarder Management
IPAM now supports management of DNS conditional forwarders. Both file-based and AD-integrated conditional forwarders are supported.
Role based access control enhancements
IPAM’s role-based access control feature enables administrators to delegate specific operations on specific objects to other users. The new IPAM DNS operations added in Windows Server 2016 are also backed by this feature. Administrators can choose to delegate operations such as creating or editing a DNS zone, or creating resource records of a particular type.
Administrators can also set access scopes at the DNS zone and resource record level. This means that they can now delegate permissions to users on specific DNS zones and resource records. They can achieve delegation scenarios like:
- Users can edit only specific DNS resource records
- Users can edit DNS resource records of a specific type, such as PTR or MX. For example, an IPAM administrator can delegate to a mail server administrator permission to change only MX resource records.
- Users can edit DNS resource records for specific zones
More details can be found here.
Call to action
The new IPAM DNS management enhancements are present in Windows Server 2016 Technical Preview 3. Please try the new version of IPAM in your environment and let us know your feedback in the comments below.